Ask Slashdot: Securing a Journalist's Laptop Against a Police Search?

Bruce66423 writes: In the light of the British police's seizure of a BBC laptop what is the right configuration and practices to ensure that such a seizure provides zero information to the cops? This post from Thursday might be a good place for some ideas, but that one's expressly about securing a Chromebook; what would you advise for securing a more conventional laptop? (Or desktop, for that matter.)

Laptop

[fyngyrz]

Don't store your information on the laptop in the first place. Just use it as an editing and remote-access tool over a secure connection or to a USB stick you don't expose to search procedures.

That's about the best you can do, short of memorizing everything.

Encrypt the laptop, and you could lose it. Just let them search it top to bottom, then when they're done and you're wherever you're going, wipe the hard drive, reinstall your OS, and carry on.

It's really not a great idea to carry information you need to be secure around with you.

Complete Deniability that data exists

[gurps_npc]

Whatever kind of encryption you use should have the ability to use alternative passwords - an unlimited number of them. So enter password (A) reveals your tax records, password (B) gets pictures of naked 30 year old men. But enter password (C) and you get clear pictures of Mr. Cameron violating a dead pig. When they demand your password, give them password A. If they get all torture-ish you give them password B.

Re:Complete Deniability that data exists

[kbonin]

TrueCrypt probably triggered their warrant canary and the dev team decided to call it quits, since NSLs are so much fun to fight for people living in the formerly free country known as the US. In the mean time, code forked and picked up here: https://veracrypt.codeplex.com...

Don't have anything for them to find

[Todd+Knarr]

Best bet is simply not to have anything for them to find. Store your data on a thumb drive (that you'll carry or ship separately) or upload it to your own server or a service like Google Drive or Dropbox, encrypting it or not first, all depending on how sensitive the information is. Delete it or secure-wipe it or wipe the whole drive and do a complete factory restore on your laptop depending on how invasive you think the search might be. Then let the cops search all they want, they won't find what isn't there.

NB: Linux makes a better platform for this than Windows. On Windows bits of your files can end up in the oddest places to be found during a scan of the drive. On Linux it's easy to set up a separate partition where all your data will go and be certain it didn't leave traces anywhere else, and that partition can be secure-wiped and reformatted without messing up the OS installation in the process. Plus the cops are less likely to be familiar with Linux, and you can play the dumb-non-techie card of "I dunno, it's whatever the guys in IT put on it. I just follow the instructions to run my programs and everything works.".

Re:Don't have anything for them to find

[LVSlushdat]

Tell me my tinfoil hat is on too tight if you want, but I *strongly* suspect its NOT going to be *too* far in the future when those of us who refuse to use Windows and use Linux instead will be charged with violation of a yet-to-be-passed law, but one that is almost surely to be passed by the authoritarian thugs that currently infest most governments. For all we know, this sneaky Transpacific Partnership abortion thats making its way thru the halls of congress may have the beginnings of such in it, and since we, the unwashed plebes, are not privy to its contents, heaven only knows what is in it. Both the US and UK are diving at a faster and faster rate down towards blatant totalitarianism.. When you look at the many traffic analylsises that have been on Microsoft's latest offering, you start to wonder if they've not gone into partnership with the NSA to fill up that giant datacenter in Utah with everything you do on your Windows machine. This being the main reason I suspect it won't be too long before those of us who don't suck at the MS tit, will be persecuted for using an OS that doesn't feed the MS/NSA behemoth... Before you accuse me of being paranoid, stop and think about what I said.... Glad I'm 65 and not a youngster growing up in this ever-increasing totalitarian world...

Re:Do we have to go through this again?

[BitterOak]

The key is to have no way to decrypt the laptop, then they can't force you to. Make sure someone else has the key, preferably in another jurisdiction (i.e. country).

That could land you in prison in the U.K. Legislation in that country required you to decrypt data for authorities on demand. Losing or destroying the keys is no excuse.

Step by step instructions

[spiritplumber]

1) Make one of these: https://hackaday.com/2015/10/1...

2) Hand everything over. Warn the bad guys that if they try to use your USB stick, it'll fry their computer.

3) When they fry their computer, ask if they have learned their lesson about taking you on your word.

4) Be cooperative. You already won the battle of wits, be a gracious winner.

5) Your data was on your obscure self-hosted webserver elsewhere in the first place.

You may be compelled to decrypt it anyway

[gotribal]

Back when I was at Kazaa many years ago, I kept all my files in a BestCrypt-encrypted drive, and all sensitive emails were PGP-encrypted. I was feeling pleased - if anyone got hold of my computer, there was nothing to see. But then one day our office was raided in a search discovery order, and all that time spent encrypting things came to naught, if I refused to hand over anything it would have been contempt of court. And so I printed out thousands of emails in one long continuous unformatted strip... that was about as far as I could go. I did consider that I could have gone one step further and used BestCrypt's feature that lets you create an encrypted drive that's actually two partitions - give out one key and all you see is nice set of clean files, plus a whole lot of random bytes. It's something to consider, but you're living dangerously if it's a court order. BTW, there's discussion here about keeping data in the cloud - another tempting option. Broadly the law can compel you to hand over any data "In your control or possession", where possession is defined as including the means to retrieve remote data. So there would need to be zero knowledge of having that remote data at all. Just sayin'

Re:Securing your laptop? Only one way

[BlueStrat]

The only reliable way to protect your data from government thugs is to change the government such that there are no government thugs wanting your data.

Anything else is a band-aid and temporary at best.

Strat.

Re:Securing your laptop? Only one way

[clovis]

The only reliable way to protect your data from government thugs is to change the government such that there are no government thugs wanting your data.

Anything else is a band-aid and temporary at best.

Strat.

That is the final step in the process.
Step one is getting people to realize there's a problem.
And that's why journalists need to have their information protected, and that's why the goons want to get their hands on it.